Author: joeyh Date: 2012-01-06 21:14:19 +0000 (Fri, 06 Jan 2012) New Revision: 18067 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-06 20:46:22 UTC (rev 18066) +++ data/CVE/list 2012-01-06 21:14:19 UTC (rev 18067) @@ -1,3 +1,5 @@ +CVE-2012-0390 (The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain ...) + TODO: check CVE-2012-0389 RESERVED CVE-2012-0388 @@ -278,8 +280,7 @@ NOT-FOR-US: pfSense CVE-2012-XXXX [inkscape files unexpectedly read from /tmp] - inkscape <unfixed> (low; bug #654341) -CVE-2012-0287 - RESERVED +CVE-2012-0287 (Cross-site scripting (XSS) vulnerability in wp-comments-post.php in ...) - wordpress 3.3.1+dfsg-1 [squeeze] - wordpress <not-affected> (only 3.3.x vulnerable) [lenny] - wordpress <not-affected> (only 3.3.x vulnerable) @@ -383,8 +384,8 @@ - php-ids <itp> (bug #488848) CVE-2011-5020 RESERVED -CVE-2011-5019 - RESERVED +CVE-2011-5019 (Cross-site scripting (XSS) vulnerability in setup/index.php in ...) + TODO: check CVE-2011-5018 RESERVED CVE-2011-5017 @@ -625,8 +626,8 @@ RESERVED CVE-2011-4906 RESERVED -CVE-2011-4905 - RESERVED +CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...) + TODO: check CVE-2011-4899 RESERVED CVE-2011-4898 @@ -839,8 +840,7 @@ NOT-FOR-US: Schneider Electric Quantum Ethernet Module CVE-2011-4859 (The Schneider Electric Quantum Ethernet Module, as used in the Quantum ...) NOT-FOR-US: Schneider Electric Quantum Ethernet Module -CVE-2011-4858 - RESERVED +CVE-2011-4858 (Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 ...) - tomcat5 <removed> - tomcat6 <unfixed> - tomcat7 <unfixed> 
@@ -1621,8 +1621,7 @@ CVE-2012-0028 RESERVED - linux-2.6 2.6.32-1 -CVE-2012-0027 [Invalid GOST parameters DoS Attack in OpenSSL] - RESERVED +CVE-2012-0027 (The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle ...) - openssl <unfixed> [lenny] - openssl <not-affected> (no GOST support) [squeeze] - openssl <not-affected> (no GOST support) @@ -1843,8 +1842,7 @@ - linux-2.6 <unfixed> CVE-2011-4620 (Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB ...) - plib <unfixed> (bug #654785) -CVE-2011-4619 [SGC Restart DoS Attack in OpenSSL] - RESERVED +CVE-2011-4619 (The Server Gated Cryptography (SGC) implementation in OpenSSL before ...) - openssl <unfixed> CVE-2011-4618 RESERVED @@ -1852,8 +1850,7 @@ - python-virtualenv 1.4.9-1 (low; bug #652653) [lenny] - python-virtualenv <no-dsa> (Minor issue) [squeeze] - python-virtualenv <no-dsa> (Minor issue) -CVE-2011-4616 - RESERVED +CVE-2011-4616 (Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro ...) - libhtml-template-pro-perl 0.9507-1 (low; bug #652587) [squeeze] - libhtml-template-pro-perl <no-dsa> (Minor issue) CVE-2011-4615 (Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before ...) @@ -1983,12 +1980,10 @@ RESERVED {DSA-2362-1} - acpid 1:2.0.11-1 -CVE-2011-4577 [Malformed RFC 3779 Data Can Cause Assertion Failures in OpenSSL] - RESERVED +CVE-2011-4577 (OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is ...) - openssl <unfixed> (unimportant) NOTE: RFC 3779 support has not been enabled at compile time. -CVE-2011-4576 [Uninitialized SSL 3.0 Padding in OpenSSL] - RESERVED +CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before ...) - openssl <unfixed> CVE-2011-4575 RESERVED 
@@ -3349,11 +3344,9 @@ CVE-2011-4110 RESERVED - linux-2.6 3.1.4-1 -CVE-2011-4109 [Double-free in Policy Checks in OpenSSL] - RESERVED +CVE-2011-4109 (Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when ...) - openssl 1.0.0c-1 -CVE-2011-4108 [DTLS Plaintext Recovery Attack in OpenSSL] - RESERVED +CVE-2011-4108 (The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f ...) - openssl <unfixed> (low; bug #645805) NOTE: http://rt.openssl.org/Ticket/Display.html?id=2625&user=guest&pass=guest CVE-2011-4107 (The simplexml_load_string function in the XML import plug-in ...) @@ -3397,6 +3390,7 @@ [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39) [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39) CVE-2011-4096 (The idnsGrokReply function in Squid before 3.1.16 does not properly ...) + {DSA-2381-1} - squid3 3.1.16-1 [lenny] - squid3 <not-affected> (no IPv6 support) CVE-2011-4095 @@ -3438,7 +3432,8 @@ RESERVED CVE-2011-4085 RESERVED -CVE-2011-4084 (Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 ...) +CVE-2011-4084 + REJECTED NOTE: Will be rejected to avoid confusion CVE-2011-4083 RESERVED
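
Review bot: In the first hunk (@@ -1,3 +1,5 @@), the new CVE-2012-0390 entry has only "TODO: check" under it, although its description already names the affected component and a version bound ("GnuTLS 3.0.10 and earlier"). As a follow-up to this automatic update, replace the TODO with a package line and status for the GnuTLS source package, so the entry is tracked the same way as the OpenSSL DTLS entry CVE-2011-4108 later in this patch.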
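
Review bot: In the hunk at @@ -1983,12 +1980,10 @@, the CVE-2011-4576 entry no longer says what the flaw is. The removed bracketed title read "Uninitialized SSL 3.0 Padding in OpenSSL", while the truncated description that replaces it stops at "The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before ...". The package line is a bare "- openssl <unfixed>" with no urgency or bug reference, so consider adding a NOTE line that keeps the short summary, as the CVE-2011-4577 entry next to it does for its RFC 3779 rationale.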
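
Review bot: In the last hunk (@@ -3438,7 +3432,8 @@), the context line "NOTE: Will be rejected to avoid confusion" is stale now that CVE-2011-4084 is marked REJECTED, and nothing in the entry says which identifier supersedes it. The truncated description removed here ("Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 ...") is the same text added to CVE-2011-4858 in the hunk at @@ -839,8 +840,7 @@. If that is the replacement, reword the NOTE to say the entry was rejected and point to CVE-2011-4858, where the tomcat5, tomcat6 and tomcat7 status lines live.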